OSS spurs IP protection concerns

Open-source software (OSS) has become ubiquitous as corporations recognize its cost and efficiency advantages. According to analyst firm International Data Corp. (IDC), OSS makes up 30 percent or more of the computer code at Global 2000 organizations, and the percentage is expected to grow.

But in many companies, legal protections haven’t kept pace. A major concern for in-house counsel is understanding how to properly license OSS so the terms selected provide their companies with necessary use and distribution rights while also protecting their intellectual property assets. A 2011 Gartner survey revealed that more than half of the 500 companies polled have failed to adopt effective policies for evaluating and governing OSS.

OSS is the name given to computer software that is distributed along with its source code. The code, lines of instruction that programmers write to make computers do their work, can be modified by anyone with the programming skills to create new software. OSS is available in a variety of forms from operating systems to applications and programming tools.

OSS differs from proprietary commercial or closed-source software, such as Microsoft Word and Excel, in which users pay for software but don’t see and cannot easily modify the source code. Companies not wishing to be tied indefinitely to a single vendor can instead use OSS such as Linux/GNU code, for example. OSS also speeds the development time for new software. It follows that using OSS can save significant expense.

Matt Jacobs, corporate counsel of Black Duck Software, an OSS consulting firm, compares software developers’ use of OSS to “lawyers who never would start a contract draft from scratch and always borrow parts and pieces from other places. Why reinvent the wheel?” But, he notes, “A big difference is that OSS parts and pieces are covered by copyright. Failure to pay attention to that can be costly.”

Copyleft Rights

In general, OSS licenses differ in how source code can be changed, embedded or incorporated with other source code and, most significantly, the terms on which OSS may be redistributed. This is a critical distinction if a company wants to license or sell software it developed using OSS.

Some OSS licenses incorporate the concept of copyleft, a play on the word copyright. Copyleft makes a program available to others to modify and then requires all modified versions of the program to be freely available as well.

For example, OSS licensed under one of the general public license (GPL) models is incorporated into a company’s proprietary software, and the combined software is licensed or otherwise redistributed. But the GPL may specify that software based on the OSS may not be distributed as a proprietary product. In that situation, other companies may freely use the new software.

“Many companies do not realize that their proprietary software can include OSS and be covered under a GPL license,” says James Kunick, chair of the IP and technology practice at Much Shelist.

The law surrounding OSS agreements and copyleft is still evolving, Kunick says. The 2006 7th Circuit opinion in Wallace v. Int’l Bus. Machs. Corp. and the 2008 Federal Circuit decision in Jacobsen v. Katzer state that copyleft agreements may be effective in ensuring that copies and modifications to OSS remain open source.

Jacobsen also supports the proposition that an open-source licensing agreement may have conditions and covenants that both limit its scope and provide a copyright holder with an actionable claim for infringement if the licensee acts outside the scope of the license, Kunick says.

Valuation Impact

Another consideration for companies using OSS is the potential impact its use may have on the value of the company if it is being acquired.

“Using software with embedded open- source components may have an adverse effect on a company’s valuation since there is a higher risk of liability for violating the terms of the OSS license for such open-source components,” Kunick says.

“We regularly see targets in the M&A context being caught off guard by the fact that OSS scanning has become a regular part of many serial acquirers’ IP due diligence,” he says. “Some potential targets are catching on and are coming to us proactively in the weeks before a potential acquisition so that they have time to remediate any open-source issues detected in their code base.”

Licensing Lessons

One source of information for in-house counsel seeking to implement or improve an OSS policy is Open Source Initiative (OSI), a non-profit corporation that promotes OSS and has established commonly used licensing terms.

“We promote ease of adoption for open-source software, encourage people to create and use it, help lower legal and other barriers, and sometimes debunk myths about OSS,” says OSI Board Member Karl Fogel.

“Reducing the number of different open-source licenses people have to understand makes it easier for everyone to adopt and mix-and-match OSS,” he says.

Because a company may be using OSS governed by a variety of license terms, Kunick recommends performing an IP and/or IT audit to determine a company’s rights with respect to OSS and under which license models software is permitted to be used. He also recommends designating an OSS review officer or committee. Companies should carefully review and follow the terms of all open-source licenses to avoid IP infringement and breach-of-contract claims, along with the subsequent forfeiture of rights to a company’s proprietary software.

Copyright Confusion

One major risk in using open-source software (OSS) is the potential for costly IP litigation, recently highlighted in Oracle America Inc. v. Google Inc. Significant portions of the software running Apple and Android mobile devices, such as iPhones, iPads and Galaxy model phones, are based on OSS. Oracle sued Google claiming Google’s Android mobile software infringed Oracle’s copyrights on elements of the Java programming language, which is OSS.

The suit centered on application programming interfaces (API) in just nine lines of software code. Historically, APIs have not been copyrighted, but Oracle argued that the Java APIs were sufficiently complex to merit copyright protection.

The May verdict illustrates the level of confusion concerning copyrights involving OSS. The jury found that Google did indeed infringe on Oracle’s copyright on Java APIs but did not rule on whether Google had “fair use.” In other words, the jury couldn’t decide whether it was legal for Google to do that because Java APIs are open and free to the developer community.

Later, Judge William Alsup decided that Java APIs were not copyrightable and dismissed Oracle’s suit. Oracle filed a notice of appeal in October.